Remote Code Execution and DoS Vulnerability in Cisco FXOS and NX-OS Software
CVE-2018-0308

9.8 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 20 June 2018

Summary

A vulnerability in the Cisco Fabric Services component of Cisco FXOS and NX-OS Software stems from insufficient validation of header values in Cisco Fabric Services packets and can be exploited by an unauthenticated remote attacker. By sending a specially crafted Cisco Fabric Services packet to an affected device, an attacker could trigger a buffer overflow, potentially leading to arbitrary code execution or a denial of service condition. This vulnerability affects multiple Cisco devices configured to use Cisco Fabric Services, including various models of Firepower, MDS, and Nexus switches.

Affected Version(s)

Cisco FXOS and NX-OS unknown

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
